TUCoPS :: Linux :: Ubuntu :: tb12614.htm

xfsdump vulnerability
xfsdump vulnerability
xfsdump vulnerability




--mJm6k4Vb/yFcL9ZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=========================================================== 
Ubuntu Security Notice USN-516-1         September 20, 2007
xfsdump vulnerability
CVE-2007-2654
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xfsdump                         2.2.30-1ubuntu0.1

Ubuntu 6.10:
  xfsdump                         2.2.38-1ubuntu0.6.10.1

Ubuntu 7.04:
  xfsdump                         2.2.38-1ubuntu0.7.04.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

Paul Martin discovered that xfs_fsr creates a temporary directory
with insecure permissions. This allows a local attacker to exploit a
race condition in xfs_fsr to read or overwrite arbitrary files on xfs
filesystems.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.30-1ubuntu0.1.dsc 
      Size/MD5:      618 d4f3b9ad40143e751b220f726961ebba
http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.30-1ubuntu0.1.tar.gz 
      Size/MD5:   576453 0bdb54112e248aec97ec3f76e31db3bc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.30-1ubuntu0.1_amd64.deb 
      Size/MD5:   292386 0599bfb1c91ff8dd91092573aeddf7eb

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.30-1ubuntu0.1_i386.deb 
      Size/MD5:   272798 24c9b70f6bc313fd74e1c796fc8275c3

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.30-1ubuntu0.1_powerpc.deb 
      Size/MD5:   289254 2ca3f1498a821cedcdbbabb0e3e3024e

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.30-1ubuntu0.1_sparc.deb 
      Size/MD5:   269570 90ccbc30495a8af38bbd12036a9f777d

Updated packages for Ubuntu 6.10:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.6.10.1.dsc 
      Size/MD5:      637 f531f5e74e784f3eed86079c4bb4a399
http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.6.10.1.tar.gz 
      Size/MD5:   566100 7b23a7834d606502d7a417c27c985cd9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.6.10.1_amd64.deb 
      Size/MD5:   307830 073c61422d102e82e5c19d0a02efb31f

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.6.10.1_i386.deb 
      Size/MD5:   297776 1f9d437502c787707a615370de257c03

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.6.10.1_powerpc.deb 
      Size/MD5:   323958 2bb7d2a50cb420dba81a852ff82495ec

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.6.10.1_sparc.deb 
      Size/MD5:   288660 33596c287661474fb78beb9501813657

Updated packages for Ubuntu 7.04:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.7.04.1.dsc 
      Size/MD5:      721 392609671d6695b02245178ea01bd755
http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.7.04.1.tar.gz 
      Size/MD5:   566169 665eca44b04dbcc7f753d59ff1e92997

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.7.04.1_amd64.deb 
      Size/MD5:   308552 c61901d79e291f4ac7c64f0f721d02a8

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.7.04.1_i386.deb 
      Size/MD5:   298510 d81af22139ffeefce8ef5979b4468773

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.7.04.1_powerpc.deb 
      Size/MD5:   334954 d423004a9bf53ae41806902d1e80a1ee

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/x/xfsdump/xfsdump_2.2.38-1ubuntu0.7.04.1_sparc.deb 
      Size/MD5:   291278 1bbe48738754e5a2c293723d8e3ef3e4


--mJm6k4Vb/yFcL9ZU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG8wJIH/9LqRcGPm0RAoujAJ9F9mj/RJGnfqWoNyMd9JkdU9Q+iACdFIX1
kYmwoijKlXWhZG/sHAx83io=x2G1
-----END PGP SIGNATURE-----

--mJm6k4Vb/yFcL9ZU--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH